Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

ServiceNow Exam CIS-SIR Topic 3 Question 62 Discussion

Actual exam question for ServiceNow's CIS-SIR exam
Question #: 62
Topic #: 3
[All CIS-SIR Questions]

When the Security Phishing Email record is created what types of observables are stored in the record?

(Choose three.)

Show Suggested Answer Hide Answer
Suggested Answer: A, D, E

by Idella at Sep 13, 2024, 05:04 AM

Limited Time Offer

25%

Off

Get Premium CIS-SIR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Art
2 months ago
Hmm, I'm not sure about F. Wouldn't that just be internal information for the security team? I'd focus on the external indicators that could help identify the phishing source.
upvoted 0 times
...
Lorrine
2 months ago
Ha! I bet the security team would also want to know the 'state of the phishing email' - you know, like if it was opened, clicked, or forwarded. That's a good one, C!
upvoted 0 times
Yolande
29 days ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Amber
1 months ago
C) State of the phishing email
upvoted 0 times
...
Carissa
1 months ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...
Lucia
2 months ago
I'm not sure about E, but I think B and C should also be included.
upvoted 0 times
...
Devora
2 months ago
I agree with Latanya, those observables make sense to store.
upvoted 0 times
...
Jamika
2 months ago
I agree with the first candidate, but I'd also add B. Knowing who reported the phishing attempt could be useful for follow-up or training purposes.
upvoted 0 times
Brittney
1 months ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Erick
2 months ago
B) Who reported the phishing attempt
upvoted 0 times
...
Wilda
2 months ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...
Latanya
2 months ago
I think A, D, and E are stored in the record.
upvoted 0 times
...
Anastacia
3 months ago
A, D, and E for sure. I mean, that's the basic info you'd want to capture, right? The URLs, IPs, and file hashes could be clues to the source of the phishing attack.
upvoted 0 times
Solange
2 months ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Ligia
2 months ago
D) IP addresses from the header
upvoted 0 times
...
Leontine
2 months ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77